1 Comnet 2010 Communication Networks Recitation 11 Security.


1 Comnet 2010 Communication Networks Recitation 11 Security

2 Comnet 2010 RSA: The problem
A wants to send B a message, but A and B cannot meet, so they cannot decide on a common key.

3 Comnet 2010 RSA: The solution
B sends A a public key e_B. The public key can be used to encrypt, but not to decrypt.
A encrypts the message m with the public key and sends e_B(m) to B.
B uses his own private key d_B to decrypt: d_B(e_B(m)) = m.

4 Comnet 2010 RSA: obtaining keys
1. Choose two large prime numbers p, q.
2. Compute n = pq (give to others).
3. Calculate z = (p-1)(q-1). Destroy p, q.
4. Choose 1 < e < n that has no common factors with z (give to others).
5. Compute d such that (de - 1) is evenly divisible by z: find an integer K for which d = (Kz + 1)/e is an integer, and use that d (keep secret). Destroy z.
Public key: (n, e). Private key: (n, d).

5 Comnet 2010 RSA example
1. p = 61, q = 53
2. n = 3233
3. z = 3120
4. e: …, 11, 17 will do (no common factor with 3120). We choose e = 17.
5. d = 2753: (3120K + 1)/17 is an integer for K = 15.
Public key: (3233, 17). Private key: (3233, 2753).

6 Comnet 2010 RSA encryption/decryption
Encryption: c = m^e mod n
Decryption: m = c^d mod n

7 Comnet 2010 RSA encryption/decryption example
encrypt(m) = m^17 mod 3233
encrypt(123) = 123^17 mod 3233 = 855
decrypt(c) = c^2753 mod 3233
decrypt(855) = 855^2753 mod 3233 = 123

8 Comnet 2010 RSA with a pocket calculator
2753 = 101011000001 (base 2) = 2^11 + 2^9 + 2^7 + 2^6 + 2^0 = 2048 + 512 + 128 + 64 + 1
Repeated squaring of 855 (mod 3233):
855^1    = 855
855^2    ≡ 367  (mod 3233)
855^4    ≡ 367^2  ≡ 2136 (mod 3233)
855^8    ≡ 2136^2 ≡ 733  (mod 3233)
855^16   ≡ 733^2  ≡ 611  (mod 3233)
855^32   ≡ 611^2  ≡ 1526 (mod 3233)
855^64   ≡ 1526^2 ≡ 916  (mod 3233)
855^128  ≡ 916^2  ≡ 1709 (mod 3233)
855^256  ≡ 1709^2 ≡ 1282 (mod 3233)
855^512  ≡ 1282^2 ≡ 1160 (mod 3233)
855^1024 ≡ 1160^2 ≡ 672  (mod 3233)
855^2048 ≡ 672^2  ≡ 2197 (mod 3233)

9 Comnet 2010
855^2753 (mod 3233) = 855^(1 + 64 + 128 + 512 + 2048) (mod 3233)
= 855^1 * 855^64 * 855^128 * 855^512 * 855^2048 (mod 3233)
= 855 * 916 * 1709 * 1160 * 2197 (mod 3233)
= 794 * 1709 * 1160 * 2197 (mod 3233)
= 2319 * 1160 * 2197 (mod 3233)
= 184 * 2197 (mod 3233)
= 123 (mod 3233)
= 123

10 Comnet 2010 RSA: Signatures
How can B know the message was from A?
–A produces a hash H(m).
–A encrypts it with his private key, d_A(H(m)), and sends it along with m.
–B produces H(m), decrypts d_A(H(m)) with A's public key e_A: e_A(d_A(H(m))) = H(m), and compares them.

11 Comnet 2010 RSA Signature example
A wants to send "This is a very important message".
p = 5, q = 7 → n = 35, z = 24
e = 5; d = 29
Public key: (35, 5). Private key: (35, 29).
H("This is a very important message") = 26
26^29 mod 35 = 31
A sends "This is a very important message", 31.
B gets public key 5: 31^5 mod 35 = 26.
B compares this to H("This is a very important message") = 26.

12 Comnet 2010 RSA: Authorization
How can B know this is really the A he knows?
–A Certification Authority (CA) has public key e_CA and private key d_CA.
–A proves to the CA that he is A using some identity proof, and gets d_CA(e_A).
–B can now use e_CA(d_CA(e_A)) = e_A.

13 Comnet 2010 RSA Authorization example
A wants to send "This is a very important message".
CA has public key (3337, 79), private key (3337, 1019).
B gets A's authorized public key: 5^1019 mod 3337 = 199.
B uses 199^79 mod 3337 = 5.
…
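The key generation, pocket-calculator exponentiation, signature and CA steps of slides 4 to 13, worked through in code. This is an added example, not part of the original recitation; it uses the slides' toy parameters (no padding, no real hash), and the slide's d = 29 versus the computed d = 5 is explained in a comment.

```python
from math import gcd

# Textbook RSA exactly as on the slides: toy primes, no padding, and the
# slides' stated H(m) = 26 in place of a real hash. Not for real use.

def rsa_keygen(p, q, e):
    """Steps 1-5 of 'obtaining keys': returns ((n, e), (n, d))."""
    n = p * q
    z = (p - 1) * (q - 1)
    if not (1 < e < n and gcd(e, z) == 1):
        raise ValueError("e must lie in (1, n) and share no factor with z")
    d = pow(e, -1, z)          # smallest d with d*e - 1 divisible by z
    return (n, e), (n, d)

def pow_mod(base, exp, mod):
    """The 'pocket calculator' method: square-and-multiply over exp's bits."""
    result, base = 1, base % mod
    while exp:
        if exp & 1:                      # this bit of exp is set: multiply in
            result = result * base % mod
        base = base * base % mod         # 855 -> 367 -> 2136 -> ... on slide 8
        exp >>= 1
    return result

def encrypt(pub, m):  n, e = pub;  return pow_mod(m, e, n)
def decrypt(priv, c): n, d = priv; return pow_mod(c, d, n)
sign   = decrypt   # d_A(H(m)): private exponent applied to the hash
verify = encrypt   # e_A(d_A(H(m))): public exponent recovers the hash

def slide_walkthrough():
    """Reproduce the numbers on slides 5-13; returns them for checking."""
    pub, priv = rsa_keygen(61, 53, 17)                   # (3233,17), (3233,2753)
    c = encrypt(pub, 123)                                # 855
    m = decrypt(priv, c)                                 # 123
    # Signature example: the slide uses d=29; keygen yields d=5, and 29 ≡ 5 (mod 24),
    # so both exponents give the same signature on H(m)=26.
    a_pub, a_priv = rsa_keygen(5, 7, 5)
    sig = sign((35, 29), 26)                             # 31
    ok  = verify(a_pub, sig) == 26
    # CA example: the CA signs A's public exponent with its private key.
    ca_pub, ca_priv = (3337, 79), (3337, 1019)
    cert = sign(ca_priv, a_pub[1])                       # 199
    recovered_e = verify(ca_pub, cert)                   # 5
    return dict(pub=pub, priv=priv, c=c, m=m, d_small=a_priv[1],
                sig=sig, ok=ok, cert=cert, e_a=recovered_e)
```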

14 Comnet 2010 Firewall
Isolates the organization's internal net from the larger Internet, allowing some packets to pass and blocking others.
A firewall is usually implemented as a router. The router filters packets based on:
–source IP address
–destination IP address
–TCP/UDP source and destination port numbers
–ICMP message type
–TCP SYN and ACK bits
–"Smart filtering"

15 Comnet 2010 Example firewall rules
"Allow outgoing traffic only on ports HTTP, HTTPS, FTP and TELNET"
–Used in a workplace to make sure people aren't using dangerous/illegal sharing
–Too wide
"Do not allow incoming traffic on port TCP/4661 (edonkey)"
–Too narrow

16 Comnet 2010 More rules
"Allow incoming traffic only on port HTTP/HTTPS"
–Is it blocking enough?
–What other applications?
"Do not allow traffic from bezeqint.net"
–Sad but true
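The filter criteria of slide 14 and the rules on slides 15 and 16 as a small stateless, first-match, default-deny packet filter (added example, not from the recitation). The internal network 10.0.0.0/8, the stand-in blocked network 203.0.113.0/24 and every packet are constructed; the port numbers for HTTP, HTTPS, FTP and TELNET are the standard ones.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/8")      # assumed internal network (constructed)

@dataclass
class Packet:                           # just the header fields slide 14 filters on
    src: str; dst: str; proto: str      # proto: "tcp", "udp" or "icmp"
    sport: int = 0; dport: int = 0
    syn: bool = False; ack: bool = False

def direction(pkt):
    return "out" if ip_address(pkt.src) in INSIDE else "in"

def matches(rule, pkt):
    """Every field named in the rule must match; an absent field is a wildcard."""
    if "dir" in rule and rule["dir"] != direction(pkt):                      return False
    if "proto" in rule and rule["proto"] != pkt.proto:                        return False
    if "dport" in rule and pkt.dport not in rule["dport"]:                    return False
    if "src" in rule and ip_address(pkt.src) not in ip_network(rule["src"]): return False
    # "new": True = pure SYN (connection request); False = SYN+ACK, ACK, anything else
    if "new" in rule and rule["new"] != (pkt.syn and not pkt.ack):            return False
    return True

def filter_packet(rules, pkt):
    """First matching rule wins; no match means deny (default-deny policy)."""
    return next((r["action"] for r in rules if matches(r, pkt)), "deny")

# The slides' rules as a ruleset. 203.0.113.0/24 is a constructed stand-in for the
# "do not allow traffic from <network>" rule; HTTP 80, HTTPS 443, FTP 21, TELNET 23.
RULES = [
    {"action": "deny",  "src": "203.0.113.0/24"},
    {"action": "allow", "dir": "in",  "proto": "tcp", "dport": {80, 443}, "new": True},
    {"action": "allow", "dir": "in",  "proto": "tcp", "new": False},   # replies to inside
    {"action": "allow", "dir": "out", "proto": "tcp", "dport": {80, 443, 21, 23}},
]

def demo():
    """Decisions for constructed packets; shows where the rules are wide or narrow."""
    web, client, ext = "10.0.0.80", "10.0.0.5", "198.51.100.7"
    return {
        "out_https":   filter_packet(RULES, Packet(client, ext, "tcp", 51000, 443, syn=True)),
        "out_edonkey": filter_packet(RULES, Packet(client, ext, "tcp", 51001, 4661, syn=True)),
        "in_http_syn": filter_packet(RULES, Packet(ext, web, "tcp", 40000, 80, syn=True)),
        "in_ssh_syn":  filter_packet(RULES, Packet(ext, web, "tcp", 40001, 22, syn=True)),
        "in_reply":    filter_packet(RULES, Packet(ext, client, "tcp", 443, 51000, syn=True, ack=True)),
        "in_blocked":  filter_packet(RULES, Packet("203.0.113.9", web, "tcp", 40002, 80, syn=True)),
        # A stateless filter trusts the ACK bit: a lone ACK to port 22 passes. Fixing
        # that needs connection state (stateful inspection), not another port rule.
        "in_ack_only": filter_packet(RULES, Packet(ext, web, "tcp", 40003, 22, ack=True)),
    }
```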

17 Comnet 2010 Firewalls preventing SYN DDoS attacks
1. An external host sends a SYN packet.
2. The firewall responds with a SYN+ACK to the external host (at this point the internal server doesn't even know that anything is going on).
3. If the external host sends an ACK packet, the firewall creates a new session with the internal server by performing its own SYN/ACK handshake with it.
4. Then it connects the two together so that the communication works.
Can this be circumvented? What else can the firewall do?
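The four-step SYN-proxy sequence above, simulated in code (added example, not from the recitation; the cookie key, the server address and all client addresses are constructed). It also shows one answer to "what else can the firewall do": a stateless SYN cookie lets the firewall answer step 2 without keeping any per-SYN state, so half-open handshakes cost neither it nor the server anything.

```python
import hmac, hashlib, secrets

# Constructed simulation of the SYN-proxy sequence on slide 17. Packets are dicts
# and the "network" is direct function calls; nothing here touches a socket.

SECRET = secrets.token_bytes(16)    # firewall's cookie key, regenerated per run

def syn_cookie(src, sport, dst, dport):
    """Stateless SYN cookie: the SYN+ACK's sequence number is an HMAC of the
    4-tuple, so step 2 needs no table entry and cannot be exhausted."""
    msg = f"{src}:{sport}>{dst}:{dport}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:4], "big")

class Server:
    def __init__(self): self.connections = []    # only completed 3-way handshakes
    def connect(self, src, sport): self.connections.append((src, sport))

class SynProxyFirewall:
    def __init__(self, server, addr="10.0.0.80", port=80):
        self.server, self.addr, self.port = server, addr, port
        self.established = set()                   # state exists only after step 3

    def handle(self, pkt):
        """Returns the packet the firewall sends back to the external host, if any."""
        src, sport = pkt["src"], pkt["sport"]
        if pkt["flags"] == "SYN":                                      # step 1 -> 2
            return {"dst": src, "dport": sport, "flags": "SYN+ACK",
                    "seq": syn_cookie(src, sport, self.addr, self.port)}
        if pkt["flags"] == "ACK":                                      # step 3
            if pkt["ack"] != syn_cookie(src, sport, self.addr, self.port) + 1:
                return None          # cookie doesn't check out: drop, server untouched
            self.established.add((src, sport))
            self.server.connect(src, sport)        # firewall's own handshake with server
        return None

def demo():
    server = Server(); fw = SynProxyFirewall(server)
    # A burst of SYNs whose senders never answer: the flood the slide describes.
    for i in range(1000):
        fw.handle({"src": f"203.0.113.{i % 256}", "sport": 1024 + i, "flags": "SYN"})
    # One legitimate client completes the handshake (step 4 follows).
    synack = fw.handle({"src": "198.51.100.7", "sport": 40000, "flags": "SYN"})
    fw.handle({"src": "198.51.100.7", "sport": 40000, "flags": "ACK", "ack": synack["seq"] + 1})
    # An ACK whose acknowledgement number was never issued by the firewall is dropped.
    fw.handle({"src": "198.51.100.8", "sport": 40001, "flags": "ACK", "ack": 12345})
    return {"server_connections": server.connections, "fw_state": len(fw.established)}
```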